COMPLIANCE SECURITY


The ultimate protection for your data

StarCompliance values the security of your business and your data above all else. The STAR platform has been built from the ground up with a focus on security across every product and feature of the application. The STAR platform is hosted in SOC 2 and/or ISO 27001 data centers with 99.98% availability. As an organization, StarCompliance is ISO 27001, ISO 9001, EU-U.S. and SWISS-U.S. Privacy Shield Framework certified.


Comprehensive governance, risk and compliance security strategies


The StarCompliance approach to security is based on a Governance, Risk and Compliance strategy, led and supported from the top down. Our Information Security and Data Protection team ensures that strict policies and procedures are established and implemented in line with best practice and with legislative, regulatory, legal and contractual requirements. These procedures are coupled with the authority to enforce the controls – administrative, technical and physical – which protect our security principles of confidentiality, integrity and availability.

GOVERNANCE

StarCompliance conforms to standards defined by the International Organization for Standardization (ISO) and is certified to:

  • ISO 27001 – Information Security Management System: our systematic approach to managing sensitive company information ensures it remains secure. This involves applying robust risk management to our people, processes and IT systems.
  • ISO 9001 – Quality Management System: our QMS enables us to identify, measure, control and improve the core business processes that lead to improved business performance.

StarCompliance is self-certified to the:

  • EU-U.S. Privacy Shield Framework
  • SWISS-U.S. Privacy Shield Framework

RISK

ISO 27005 is the Risk Management Framework that underpins ISO 9001 and ISO 27001. Risks are identified internally by our Information Security and Data Protection team and externally in our annual, independent, third-party audits. 

COMPLIANCE

Our compliance program includes:

  • Audits – periodic assessments to identify non-conformities and opportunities for improvement with:
    – Internal audits led by our Information Security Officer (CISSP)
    – Annual, external audits by independent, third parties (ISO 27001, ISO 9001)
    – Ad-hoc, on-site client-sponsored audits
  • Regulatory and legislative compliance, including the upcoming EU General Data Protection Regulation (GDPR).

Physical, technical and administrative controls to protect your data


StarCompliance deploys the highest levels of security throughout its operations and products to protect your data. This includes physical security at our premises, technical security in our software and networks, and administrative security in our processes and training.

PHYSICAL SECURITY

  • Tier III Data Centers – 99.98% availability
  • SSAE18 SOC 1 & 2 and/or ISO 27001
  • StarCompliance dedicated, locked, server cage environment (co-location environment)
  • 24/7/365 security guards
  • CCTV & recorders
  • Biometric access – iris & fingerprints (three-factor authentication)
  • X-ray machines
  • Unmarked buildings fitted with false entrances, vehicle blockades, bulletproof glass/walls
  • HVAC, power redundancy and fire-suppression systems

ADMINISTRATIVE SECURITY

  • Single-tenancy model
  • Independent (CREST) Third-Party, Application Penetration Security Testing
  • Security awareness training
  • Software Development Lifecycle (SDLC) includes:

    – Static Application Security Testing
    – Static code analysis
    – Developer secure code training provided by an external security firm

  • Role-based access control (only StarCompliance authorized employees have access to client data, via Change Control, in our co-location environment)
  • Information security strategies & risk analysis
  • Strict policies and procedures
  • Separation of duties

TECHNICAL SECURITY

– STAR application:

  • Single sign-on
  • Configurable password complexity (to client’s policies)
  • Role-based access control
  • Extensive, granular user permissions
  • Extensive user data visibility controls
  • Advanced proxy controls
  • Encryption of data in-transit and at-rest

– Network:

  • “Defense in depth” network topology
  • Firewalls with Intrusion Prevention Systems (IPS)
  • Web Application Firewalls (WAF)
  • Host Intrusion Prevention Systems (HIPS)
  • Network Intrusion Detection Systems (NIDS)
  • Endpoint Security (anti-virus, anti-malware etc.)
  • Anti-DDoS protection
  • Security Information & Event Management systems (SIEM)
  • Patch management solutions
  • DLP solutions

Talk to the experts

If you’re looking for software with robust compliance solutions that will improve business efficiency while safeguarding the integrity and reputation of your organization, look no further. Schedule a personalised demo with a Star professional to see what the STAR platform can do for you.